Physical Port Validation for Information Handling Systems

1. A method for validating an IHS (Information Handling System) comprising a plurality of I/O (Input/Output) ports, the method comprising: retrieving an inventory certificate uploaded to the IHS during factory provisioning of the IHS, wherein the inventory certificate includes an inventory specifying a portion of the plurality of I/O ports of the IHS to be enabled; collecting an inventory of detected I/O ports of the IHS; comparing the collected inventory of detected I/O ports against the inventory of the portion of I/O ports to be enabled from the inventory certificate in order to validate the IHS is operating using only the portion of the I/O ports included in the inventory certificate that was uploaded to the factory-provisioning of the IHS; and disabling detected I/O ports of the IHS that are not validated as ne of the portion of the I/O ports to be enabled based on the comparison to the factory-provisioned inventory certificate.

2. The method of claim 1, wherein the portion of I/O ports included in the inventory certificate is based on a listing that is specified by a purchaser of the IHS and that is used during factory-provisioning to generate the inventory certificate that is uploaded to the IHS, wherein the portion of I/O ports comprises I/O ports of the IHS selected for enabling by the purchaser of the IHS.

3. The method of claim 1, wherein the validation that only the portion of the I/O ports to ben enabled are operational and that no other detected ports are operational on the IHS is conducted by a pre-boot validation process of the IHS.

4. The method of claim 3, wherein the pre-boot validation process is implemented by a remote access controller of the IHS, and wherein the inventory certificate uploaded to the IHS during factory provisioning of the IHS is an identity certificate generated based on certificate signing request issued by the embedded controller.

5. The method of claim 3, wherein the inventory certificate including the portion of I/O ports to be enabled is uploaded by the embedded controller to a persistent memory of the IHS during the factory provisioning of the IHS.

6. The method of claim 1, wherein the detected I/O ports of the IHS that are disabled are not usable by any software or hardware of the IHS.

7. The method of claim 1, wherein the plurality of I/O ports comprise at least one of: a data port, a video port, a network port, a debugging port, and an audio port.

8. The method of claim 1, further comprising: receiving an updated inventory certificate that specifies an updated portion of the I/O ports for the IHS to be enabled.

9. The method of claim 1, wherein the comparison of the detected I/O ports against the inventory from the inventory certificate identifies the detected I/O ports of the IHS to be disabled.

10. An IHS (Information Handling System) comprising: a plurality of I/O ports, wherein during factory provisioning of the IHS an inventory certificate is uploaded to the IHS, wherein the inventory certificate includes an inventory specifying a portion of the plurality of I/O ports of the IHS to be enabled ; one or more processors; and one or more memory devices coupled to the processors, the memory devices storing computer-readable instructions that, upon execution by the processors, cause the IHS to: retrieve the signed inventory certificate uploaded during factory provisioning of the IHS; collect an inventory of detected I/O ports of the IHS; compare the detected I/O ports against the inventory of the portion of I/O ports to be enabled from the inventory certificate in order to validate the IHS is operating using only the portion of the I/O ports included in the inventory certificate that was uploaded to the factory-provisioning of the IHS; and disable detected I/O ports of the IHS that are not validated as one of the portion of the I/O ports to be enabled based on the comparison to the factory-provisioned inventory certificate.

11. The IHS of claim 10, wherein the portion of I/O ports included in the inventory certificate is based on a listing of I/O ports for the IHS to be enabled that is specified by a purchaser of the IHS.

12. The IHS of claim 10, wherein any of the of the detected I/O ports of the IHS that are disabled are not usable by any software or hardware of the IHS.

13. The IHS of claim 10, wherein the inventory certificate including the portion of I/O ports to be enabled is uploaded to a persistent memory of the IHS during the factory provisioning of the IHS.

14. The IHS of claim 10, wherein the plurality of I/O ports comprise at least one of: a data port, a video port, a network port, a debugging port, and an audio port.

15. The IHS of claim 10, wherein execution of the instructions by the processors further causes the IHS to receive an updated inventory certificate that specifies an updated portion of the I/O ports for the IHS to be enabled.

16. A computer-readable storage device having instructions stored thereon for validating secure assembly and delivery of an IHS (Information Handling System) comprising a plurality of I/O ports, wherein execution of the instructions by one or more processors of the IHS causes a validation process of the IHS to: retrieve an inventory certificate uploaded to the IHS during factory provisioning of the IHS, wherein the inventory certificate includes an inventory specifying a portion of the plurality of I/O ports of the IHS to be enabled; collect an inventory of detected I/O ports of the IHS; and compare the collected inventory of detected I/O ports against the inventory of the portion of I/O ports to b enabled from the inventory certificate in order to validate the IHS is operating using only the portion of the I/O ports included in the inventory certificate that was uploaded to the factory-provisioning of the IHS; and disable detected I/O ports of the IHS that are not validated as one of the portion of the I/O ports to be enabled based on the comparison to the factory-provisioned inventory certificate.

17. The storage device of claim 16, wherein the validation that only the portion of the I/O ports to be enabled are operational on the IHS is conducted by a pre-boot validation process of the IHS.

18. The storage device of claim 17, wherein the pre-boot validation process is implemented by a remote access controller of the IHS.

19. The storage device of claim 18, wherein the storage device comprises a storage device of the remote access controller.

20. The storage device of claim 19, wherein the inventory certificate is uploaded to the storage device of the remote access controller during the factory provisioning of the IHS.